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DETAILED ACTION 



1 . Applicant's response filed on August 5, 2010 has been fully considered. 
Claims 1-24 are pending. 



Claim Rejections - 35 USC § 103 

2. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for 
all obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as 
set forth in section 102 of this title, if the differences between the subject matter sought to be 
patented and the prior art are such that the subject matter as a whole would have been obvious 
at the time the invention was made to a person having ordinary skill in the art to which said 
subject matter pertains. Patentability shall not be negatived by the manner in which the invention 
was made. 

3. Claims 1-24 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Arthurs et al. (U.S. Patent No. 4,896,934), hereinafter "Arthurs", in view of Sawey 
(U.S. Patent No. 7,151,777 B2), and further in view of admitted prior art of Ross et al. 
(U.S. Patent No. 6,658,002 B1), hereinafter "Ross". 

Referring to claim 1 : 

i. Arthurs teaches: 

A method of providing physical port security in a digital 
communication system, comprising: 

receiving a frame of digital data at a network device (see figure 3 
'packet format', of Arthurs); 
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a destination port bit map based on the destination address 
information contained in said frame of digital data (see figure 3, element 'destination bit- 
map field'; and column 5, lines 50-54, of Arthurs); 

comparing said destination port bit map with the physical port 
availability bit map to generate a bit map of allowed destination ports, wherein said 
physical port availability bit map is generated, after said receiving, based on information 
in said received frame of digital data (see column 5, lines 58-65; column 6, lines 4-9; 
and column 7, lines 1-3, of Arthurs); and 

forwarding said frame of digital data to one or more of said allowed 
destination ports (see figure 1 , elements 14-1 ..14-n 'output ports', of Arthurs). 

Arthurs discloses generating the physical port availability bit map. 
However, Arthurs does not specifically mention the physical port security bit map. 

Arthurs further discloses using the destination port bit map. 
However, Arthurs does not specifically mention generating the destination port bit map. 

ii. Sawey teaches a crosspoint switch having multicast functionality, 
wherein Sawey discloses generating the destination port bit map based on the 
destination address contained in the frame of the digital data (see figure 4, elements 
100 'receive multicast packet', 102 'generate port map mapping multicast address to 
destination output ports'; and column 7, lines 41-45, of Sawey). 

On the other hand, Ross teaches a method for performing logical 
operations for packet processing, wherein Ross discloses generating a physical port 
security bit map based on information in said received frame of digital data (see column 
3, line 58 to column 4, line 1 'Thus, if the rule is "deny packets from port 80 ," the 
corresponding CAM entry is a bit string representing a value of 80 in the portion of the 
string corresponding to the port number [i.e., a physical port security bit map]. Note 
that, as the rules are typically more complex than simple filters on port numbers, the 
CAM entries typically consists of multiple fields corresponding to the parts of the 
conventional flow label of a packet . Such fields typically include the IP source address, 
IP destination address [i.e., information of the packet], source port number, destination 
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port number, type of service (TOS), and Layer 3 and Layer 4 protocol identification.', of 
Ross, emphasis added). 

iii. The ordinary skilled person would have been motivated to have 
applied the teaching of Sawey into the system of Arthurs to generate a destination port 
bit map, because Arthurs teaches "The present invention relates to an optical switch for 
use in a fiber optic telecommunications network, and more particularly, to an optical 
switch with multicast capability ." (see column 1, lines 5-8, of Arthurs, emphasis added). 
Sawey teaches "The present invention relates generally to packet switching and, more 
particularly, to a crosspoint switch having multicast functionality ." (see column 1 , lines 6- 
8, of Sawey, emphasis added). Therefore, Sawey's teaching could enhance Arthurs's 
system. 

The ordinary skilled person would have been motivated to have 
applied the teaching of Ross into the system of Arthurs to generate the physical port 
security bit map, because Arthurs teaches "Illustratively, the electronic control network 
is in the form of a track which sequentially links all of the input ports and output ports. 
At the beginning of the track is a token generator which generates control tokens . The 
control tokens are passed sequentially around the track from port to port." (see column 
2, lines 58-63, of Arthurs, emphasis added). Ross teaches "The present invention 
generally concerns data communications systems, in particular internetworking systems 
and specifically access control techniques for such systems." (see column 1, lines 13- 
15, of Ross, emphasis added). Therefore, Rossn's teaching could enhance Arthurs's 
system. 

Referring to claims 2, 13 : 

Arthurs, Sawey, and Ross teach the claimed subject matter: a method of 
providing physical port security in a digital communication system (see claim 1 above). 
Arthurs further discloses the logical AND (see figure 13A; and column 5, line 64, of 
Ross). 

Referring to claims 3-5, 14-16, 23 : 

Arthurs, Sawey, and Ross teach the claimed subject matter: a method of 
providing physical port security in a digital communication system (see claim 1 above). 
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They further disclose the source address and the destination address (see column 3, 
line 58 to column 4, line 1 , of Ross). 
Referring to claims 6, 17, 22 : 

Arthurs, Sawey, and Ross teach the claimed subject matter: a method of 
providing physical port security in a digital communication system (see claim 1 above). 
Arthurs further discloses the IP address (see column 2, line 57, of Ross). 
Referring to claims 7, 18 : 

Arthurs, Sawey, and Ross teach the claimed subject matter: a method of 
providing physical port security in a digital communication system (see claim 1 above). 
Arthurs further discloses the router (see column 2, lines 31-33, of Arthurs). 
Referring to claims 8, 19 : 

Arthurs, Sawey, and Ross teach the claimed subject matter: an 
intermediate network device (see claim 12 above). They further disclose the network 
file server (see column 1 , lines 51-52, of Ross). 
Referring to claims 9, 20 : 

Arthurs, Sawey, and Ross teach the claimed subject matter: an 
intermediate network device (see claim 12 above). They further disclose the local area 
network (see column 1 , line 35, of Ross). 
Referring to claim 10 : 

Arthurs, Sawey, and Ross teach the claimed subject matter: a method of 
providing physical port security in a digital communication system (see claim 1 above). 
They further discloses the process (see column 1 , line 51 , of Sawey). 
Referring to claim 1 1 : 

Arthurs, Sawey, and Ross teach the claimed subject matter: a method of 
providing physical port security in a digital communication system (see claim 1 above). 
Ross further discloses that the physical port security bit map is generated dynamically 
based on a variable parameter (see e.g. column 3, line 58 to column 4, line 1 , of Ross). 
Referring to claim 12 : 

i. Arthurs teaches: 

A system for providing physical port security, comprising: 
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at least one processor within a network device, said network device 
having a communication port for receiving digital data from a digital communications 
system and two or more physical data ports for forwarding said digital data, said at least 
one of processor enables (see figure 1, element 10; and column 2, lines 31-33, of 
Arthurs): 

a destination port bit map based on destination address information 
contained in said received digital data (see figure 3, element 'destination bit-map field'; 
and column 5, lines 50-54, of Arthurs); 

comparing of said destination port bit map within a physical port 
availability bit map to generate a bit map of allowed destination ports, wherein said 
physical port availability bit map is generated, after said receiving, based on information 
within said received digital data (see column 5, lines 58-65; column 6, lines 4-9; and 
column 7, lines 1-3, of Arthurs); and 

forwarding of said digital data to one or more of said allowed 
destination ports (see figure 1, elements 14-1..14-n 'output ports', of Arthurs). 

Arthurs discloses generating the physical port availability bit map. 
However, Arthurs does not specifically mention the physical port security bit map. 

Arthurs further discloses using the destination port bit map. 
However, Arthurs does not specifically mention generating the destination port bit map. 

ii. Sawey teaches a crosspoint switch having multicast functionality, 
wherein Sawey discloses generating the destination port bit map based on the 
destination address contained in the frame of the digital data (see figure 4, elements 
100 'receive multicast packet', 102 'generate port map mapping multicast address to 
destination output ports'; and column 7, lines 41-45, of Sawey). 

On the other hand, Ross teaches a method for performing logical 
operations for packet processing, wherein Ross discloses generating a physical port 
security bit map based on information in said received frame of digital data (see column 
3, line 58 to column 4, line 1 'Thus, if the rule is "deny packets from port 80 ," the 
corresponding CAM entry is a bit string representing a value of 80 in the portion of the 
string corresponding to the port number [i.e., a physical port security bit map]. Note 
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that, as the rules are typically more complex than simple filters on port numbers, the 
CAM entries typically consists of multiple fields corresponding to the parts of the 
conventional flow label of a packet . Such fields typically include the IP source address, 
IP destination address [i.e., information of the packet], source port number, destination 
port number, type of service (TOS), and Layer 3 and Layer 4 protocol identification.', of 
Ross, emphasis added). 

iii. The ordinary skilled person would have been motivated to have 
applied the teaching of Sawey into the system of Arthurs to generate a destination port 
bit map, because Arthurs teaches "The present invention relates to an optical switch for 
use in a fiber optic telecommunications network, and more particularly, to an optical 
switch with multicast capability ." (see column 1, lines 5-8, of Arthurs, emphasis added). 
Sawey teaches "The present invention relates generally to packet switching and, more 
particularly, to a crosspoint switch having multicast functionality ." (see column 1 , lines 6- 
8, of Sawey, emphasis added). Therefore, Sawey's teaching could enhance Arthurs's 
system. 

The ordinary skilled person would have been motivated to have 
applied the teaching of Ross into the system of Arthurs to generate the physical port 
security bit map, because Arthurs teaches "Illustratively, the electronic control network 
is in the form of a track which sequentially links all of the input ports and output ports. 
At the beginning of the track is a token generator which generates control tokens . The 
control tokens are passed sequentially around the track from port to port." (see column 
2, lines 58-63, of Arthurs, emphasis added). Ross teaches "The present invention 
generally concerns data communications systems, in particular internetworking systems 
and specifically access control techniques for such systems." (see column 1, lines 13- 
15, of Ross, emphasis added). Therefore, Rossn's teaching could enhance Arthurs's 
system. 

Referring to claim 21 : 

Arthurs, Sawey, and Ross teach the claimed subject matter: an 
intermediate network device (see claim 12 above). They further disclose the IP data 
(see column 1 , line 29 'data packet', of Ross). 
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Referring to claims 24 : 

Arthurs, Sawey, and Ross teach the claimed subject matter: an 
intermediate network device (see claim 12 above). Ross further discloses that the 
physical port security bit map is dynamically altered based on a variable parameter (see 
e.g. column 3, line 58 to column 4, line 1 , of Ross). 

Response to Arguments 

4. Applicant's following arguments, filed on August 5, 2010, have been fully 
considered but they are not persuasive. 

(a) Applicant argues: 

"However, the destination bit map field of Arthurs is not a "[generated]... based 
on the destination address information contained in said frame of digital data," as 
require by the claims. Instead, it is merely one of the fields contained in each of the data 
packets that arrive at the input ports 12. (See, e.g., Arthurs, col. 5, lines 39-54.) Thus it 
is received at the network device; it is not generated as required by the claims of the 
present application." (see page 10, 3rd paragraph). 

Examiner maintains: 

Arthurs discloses "The format of a packet arriving at one of the input ports 12 is 
shown in FIG. 3. Illustratively, the packet has four fields, a Data Field, a Source 
Address Field, a Destination Bit Map Field , and a Priority Bits Field." (see column 5, 
lines 43-45, of Arthurs). Therefore, Arthurs discloses the destination bit map. However, 
Arthurs does not explicitly discloses generating the destination bit map. 

On the other hand, Sawey discloses "FIG. 4 is a flowchart illustrating the 
progression of a multicast packet within input module 12. Input module 12 receives the 
multicast packet at step 100. Input module 12 then generates a port map mapping the 
multicast address of the multicast packet to destination output ports at step 102 [i.e., 
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generating a destination port bit map based on the destination address information 
contained in said frame of digital data]." (see column 7, lines 41-45, of Sawey). 

Therefore, the combination of references discloses generating a destination port 
bit map based on the destination address information contained in said frame of digital 
data, such as claimed. 

(b) Applicant argues: 

"The Examiner fails to explain any motivation for making this combination, as 
required by KSR." (see page 1 1 , last paragraph). 
Examiner maintains: 

The previous Office Action states "The ordinary skilled person would have been 
motivated to have applied the teaching of Sawey into the system of Arthurs to generate 
a destination port bit map, because Arthurs teaches "The present invention relates to an 
optical switch for use in a fiber optic telecommunications network, and more particularly, 
to an optical switch with multicast capability ." (see column 1, lines 5-8, of Arthurs, 
emphasis added). Sawey teaches "The present invention relates generally to packet 
switching and, more particularly, to a crosspoint switch having multicast functionality ." 
(see column 1, lines 6-8, of Sawey, emphasis added). Therefore, Sawey's teaching 
could enhance Arthurs's system.". Therefore, Examiner explained the motivation for 
making the combination of Arthurs and Sawey. 

Additionally, Arthurs discloses "Specifically, the fan out of a multicast packet is 
the number of output ports that are destined to receive a copy of the packet. Because 
the output port contention probability increases rapidly as fan out increases , a multicast 
packet with large fan out will probably be blocked." (see column 7, lines 34-39, of 
Arthurs, emphasis added). Sawey discloses "For example, multiplexor 20 may 
generate a revised port map (PM') that indicates recipients currently available to receive 
a copy of the multicast packet . Thus, as indicated at 54, multiplexor 20 may schedule 
the multicast packet for communication to available recipients by associating the revised 
port map with the multicast packet." (see column 7, lines 14-20, of Sawey, emphasis 
added). Therefore, Sawey's teaching could further enhance Arthurs's system, because 
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Savvey's destination port bit map "indicates recipients currently available to receive a 
copy of the multicast packet", while Arthurs's destination port bit map is pre-generated 
and static, which does not "indicates recipients currently available to receive a copy of 
the multicast packet" 

(c) Applicant argues: 

"Neither Arthurs nor Sawey, alone or in combination, disclose or suggest a 
"physical port security bit map" as required by this claim element. As such, they also do 
not disclose or suggest "comparing said destination port bit map with a physical port 
security bit map."." (see page 13, 2nd paragraph). 

Examiner maintains: 

Arthurs discloses "The format of a typical token generated by the token generator 
32 of FIG. 1 is illustrated in FIG. 3. A token comprises two fields, a Source Address 
Field and an Output Availability Field [i.e., the physical port availability bit map]. The 
Output Availability Field comprises a bita.sub.i for each output port 1 4-i. A logic "1 " in a 
particular bit position of the Output Availability Field indicates that the corresponding 
output port has been reserved. The token generator emits tokens with a cleared output 
availability field [i.e., generate and initialize the physical port availability bit map]..." (see 
column 5, line 58 to column 6, line 3, of Arthurs, emphasis added). However, Arthurs 
does not explicitly discloses a physical port security bit map. 

On the other hand, Ross discloses "Thus, if the rule is "deny packets from port 
80," the corresponding CAM entry is a bit string representing a value of 80 in the portion 
of the string corresponding to the port number [i.e., generating a physical port security 
bit map]. Note that, as the rules are typically more complex than simple filters on port 
numbers, the CAM entries typically consists of multiple fields corresponding to the parts 
of the conventional flow label of a packet. Such fields typically include the IP source 
address, IP destination address, source port number, destination port number [i.e., 
based on information in said received frame of digital data], type of service (TOS), and 
Layer 3 and Layer 4 protocol identification." (see column 3, line 58 to column 4, line 1 , 
of Ross). 
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Therefore, the combination of references discloses generating a physical port 
security bit map based on information in said received frame of digital data, such as 
claimed. 

(d) Applicant argues: 

"The Examiner fails to explain any motivation for making this combination, as 
required by KSR." (see page 14, last paragraph). 
Examiner maintains: 

The previous Office Action states "The ordinary skilled person would have been 
motivated to have applied the teaching of Ross into the system of Arthurs to generate 
the physical port security bit map, because Arthurs teaches "Illustratively, the electronic 
control network is in the form of a track which sequentially links all of the input ports and 
output ports. At the beginning of the track is a token generator which generates control 
tokens . The control tokens are passed sequentially around the track from port to port." 
(see column 2, lines 58-63, of Arthurs, emphasis added). Ross teaches "The present 
invention generally concerns data communications systems, in particular 
internetworking systems and specifically access control techniques for such systems." 
(see column 1, lines 13-15, of Ross, emphasis added). Therefore, Rossn's teaching 
could enhance Arthurs's system.". Therefore, Examiner explains the motivation for 
making this combination. 

Additionally, Arthurs discloses "The format of a typical token generated by the 
token generator 32 of FIG. 1 is illustrated in FIG. 3. A token comprises two fields, a 
Source Address Field and an Output Availability Field [i.e., the physical port availability 
bit map]. The Output Availability Field comprises a bita.sub.i for each output port 14-i. A 
logic "1" in a particular bit position of the Output Availability Field indicates that the 
corresponding output port has been reserved. The token generator emits tokens with a 
cleared output availability field [i.e., generate and initialize the physical port availability 
bit map]..." (see column 5, line 58 to column 6, line 3, of Arthurs, emphasis added). 

Ross discloses "Thus, if the rule is "deny packets from port 80," the 
corresponding CAM entry is a bit string representing a value of 80 in the portion of the 



Application/Control Number: 10/646,976 Page 12 

Art Unit: 2492 

string corresponding to the port number [i.e., generating a physical port security bit 
map]. Note that, as the rules are typically more complex than simple filters on port 
numbers, the CAM entries typically consists of multiple fields corresponding to the parts 
of the conventional flow label of a packet. Such fields typically include the IP source 
address, IP destination address, source port number, destination port number [i.e., 
based on information in said received frame of digital data], type of service (TOS), and 
Layer 3 and Layer 4 protocol identification." (see column 3, line 58 to column 4, line 1 , 
of Ross). 

Therefore, Ross's teaching could further enhance Arthurs's system, because 
Arthurs's physical port availability bit map is generated and initialized to make all output 
ports available, while Ross's physical port security bit map is generated utilizing rules., 
such as "deny packets from port 80". Thus, Ross's physical port availability bit map 
could enhance the system of Arthurs and Saway by providing network security. 

(e) Applicant argues: 

"However, even though Ross discloses ACL rule implementation using CAM 
entries, there is still no disclosure of generating a physical port security bit map. 
Furthermore, Ross also does not disclose that a physical port security bit map is 
generated based on information in a received frame of digital data, as recited in 
Applicant's claim 1." (see page 15, last paragraph). 

Examiner maintains: 

Ross discloses "Thus, if the rule is "deny packets from port 80," the 
corresponding CAM entry is a bit string representing a value of 80 in the portion of the 
string corresponding to the port number [i.e., generating a physical port security bit 
map]. Note that, as the rules are typically more complex than simple filters on port 
numbers, the CAM entries typically consists of multiple fields corresponding to the parts 
of the conventional flow label of a packet. Such fields typically include the IP source 
address, IP destination address, source port number, destination port number [i.e., 
based on information in said received frame of digital data], type of service (TOS), and 
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Layer 3 and Layer 4 protocol identification." (see column 3, line 58 to column 4, line 1 , 
of Ross). 

Therefore, the reference(s) disclose generating a physical port security bit map, 
and that a physical port security bit map is generated based on information in a received 
frame of digital data, such as claimed. 

(f) Applicant argues: 

"In addition, the combination of Arthurs, Sawey, and Ross does not disclose or 
suggest at least the limitation of "wherein said physical port security bit map is 
generated dynamically based on a variable parameter," as recited by claims 1 1 and 24." 
(see page 17, 1st paragraph). 

Examiner maintains: 

Ross discloses "Thus, if the rule is "deny packets from port 80," the 
corresponding CAM entry is a bit string representing a value of 80 in the portion of the 
string corresponding to the port number [i.e., generating a physical port security bit 
map]. Note that, as the rules are typically more complex than simple filters on port 
numbers, the CAM entries typically consists of multiple fields corresponding to the parts 
of the conventional flow label of a packet. Such fields typically include the IP source 
address, IP destination address, source port number, destination port number [i.e., 
based on information in said received frame of digital data], type of service (TOS), and 
Layer 3 and Layer 4 protocol identification." (see column 3, line 58 to column 4, line 1 , 
of Ross). 

Therefore, the reference(s) disclose wherein said physical port security bit map is 
generated dynamically based on a variable parameter [i.e., the IP source address, IP 
destination address, source port number, destination port number, etc.], such as 
claimed. 



Conclusion 
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5. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). 
Applicant is reminded of the extension of time policy as set forth in 37 CFR 1 .136(a). 

A shortened statutory period for reply to this final action is set to expire 
THREE MONTHS from the mailing date of this action. In the event a first reply is filed 
within TWO MONTHS of the mailing date of this final action and the advisory action is 
not mailed until after the end of the THREE-MONTH shortened statutory period, then 
the shortened statutory will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the date of this final action. 

Any inquiry concerning this communication or earlier communications from 
the examiner should be directed to Joseph Pan whose telephone number is 571-272- 
5987. 

If attempts to reach the examiner by telephone are unsuccessful, the 
examiner's supervisor, Joseph Thomas can be reached at 571-272-6776. The fax and 
phone numbers for the organization where this application or proceeding is assigned is 
703-872-9306. 

Any inquiry of a general nature or relating to the status of this application 
or proceeding should be directed to the receptionist whose telephone number is 571- 
272-2100. 



/Joseph Pan/ 

Examiner, Art Unit 2492 

October 7, 2010 

/Aravind K Moorthy/ 
Primary Examiner, Art Unit 2492 



